You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/infrastructure_and_maintenance/security/security_checklist.md
+5Lines changed: 5 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -255,6 +255,11 @@ Make sure to also include subdomains by means of the `includeSubDomains` setting
255
255
256
256
When using [[= product_name_cloud =]], you can [configure HSTS in `.platform/routes.yaml`](https://docs.platform.sh/define-routes/https.html#enable-http-strict-transport-security-hsts).
257
257
258
+
Beware if you are using a Varnish proxy:
259
+
Your version of Varnish may not support HTTPS connections with your web server.
260
+
If so, make sure to only enable HSTS between your public-facing proxy and the clients.
261
+
When using [[= product_name_cloud =]], this is handled automatically.
262
+
258
263
## Domain
259
264
260
265
### Enable Domain Name System Security Extensions (DNSSEC)
0 commit comments